It strikes me that excliding *.dit is probably all that's necessary on the DCs
-------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Tony Murray [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 11, 2003 8:55 AM > To: [EMAIL PROTECTED] > Subject: Re: AD as a possible target of attack? RE: > [ActiveDir] Virus softwareon DC > > > > DO scan your DCs and reconsider excluding things like the Sysvol > > I fully agree with you here, John. I have seen for myself > how good FRS is at distributing viruses throughout the > infrastructure in short period of time!! Some of the major > AV vendors previously had products that caused problems when > scanning SYSVOL, but the recent offerings have resolved this. > Bottom line: there is no good reason not to include SYSVOL > (as long as you've checked with your AV vendor first). > > Tony > > ---------- Original Message ---------------------------------- > Wrom: NNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXU > Reply-To: [EMAIL PROTECTED] > Date: Wed, 10 Dec 2003 23:18:52 +0100 > > I totally agree with all the guys out there that urge you to scan your > DCs!!! I've been thinking about this issue for some time and > I've come to > the conclusion that Active Directory would be THE IDEAL > target for a virus > attack. The robustness of AD replication makes it the ideal > distribution > mechanism for virusses. Hey ... distributing virusses by mail > is ancient > technology ;-). Why not use the intense integration of > Exchange 2000+ and AD > to transport a virus from Exchange to AD? > > No guys... I'm very serious! DO scan your DCs and reconsider excluding > things like the Sysvol because this is another possible > target for the sick > minds out there that like to screw up enterprise > environments! It's only a > matter of time before the first AD virus is a fact of life we > have to deal > with! > > So go out and check (before you go to bed) whether or not > dat-file updates > are really succeeding ;-). > > Cheers! > John > > > -----Original Message----- > Wrom: WLSZLKBRNVW > To: [EMAIL PROTECTED] > Sent: 10-12-2003 18:07 > Subject: RE: [ActiveDir] Virus software on DC > > Sorry, I have to throw-in my two cents. I exclude the sysvol/sysvol > folder and sub-folders, but run the real-time scanner on everything > else. These two folders deal with replication and are too volatile to > play with. > > S > > ***************************************** > Steve Shaff > Active Directory / Exchange Administrator > Corillian Corporation > (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 > > > -----Original Message----- > Wrom: WCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNS > [mailto:[EMAIL PROTECTED] On Behalf Of > Burkes, Jeremy > [contractor] > Sent: Wednesday, December 10, 2003 8:52 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Virus software on DC > > Same here, never had any problems either. > > Jeremy > > -----Original Message----- > Wrom: KVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHAALPTCXLYRWTQTIPWI > Sent: Wednesday, December 10, 2003 11:47 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Virus software on DC > > > We run Symantec AV corporate edition and don't exclude any > directories. > We haven't had any problems related to AV software...... > > -----Original Message----- > Wrom: GYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXO > [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob > Sent: Wednesday, December 10, 2003 11:42 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Virus software on DC > > >What directories should I not be scanning? > > We use the exclusions in this list- > > 822158 - Virus Scanning Recommendations on a Windows 2000 Domain > Controller: > http://support.microsoft.com/default.aspx?scid=kb;en-us;822158 > > > ________________________________ > > Wrom: EAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFX > Sent: Wednesday, December 10, 2003 8:30 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Virus software on DC > > > We run Trend here. > Never have run into any issues and we are using the realtime > scan. > Just out of curiosity though, I am scanning all except for a few > select dirs/ > What directories should I not be scanning? > > > > John Parker, MCSE > IS Admin. > Senior Technical Specialist > Alpha Display Systems. > > Alpha Video > 7711 Computer Ave. > Edina, MN. 55435 > > 952-896-9898 Local > 800-388-0008 Watts > 952-896-9899 Fax > 612-804-8769 Cell > 952-841-3327 Direct > > [EMAIL PROTECTED] > "Be excellent to each other" > ---End of Line--- > > > -----Original Message----- > Wrom: ISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCG > Sent: Wednesday, December 10, 2003 10:24 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Virus software on DC > > > > I do, but I exclude the AD files, and I do not have real-time > scanning enabled, just periodic scheduled scans. Does not > seem to cause > any problems. > > > > <mc> > > -----Original Message----- > Wrom: PKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLS > Sent: Wednesday, December 10, 2003 11:17 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Virus software on DC > > > > This may be a dumb question, but do you guys have virus scanning > software on your DCs? I have been confused if the virus scanner slows > the machine down or not. Thanks > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
